Not anymore. They added a redirect.

OS X talks to plenty of apple.com subdomains and there really is no reason not to use self-signed certificates for this kind of thing.

the redirect happens _after_ the certificate warning. to get to the redirect, you have to accept the self signed certificate first.

so it might still scare people away, and rightfully so: normal folks cannot distinguish a self signed certificate from a malicious used one f.e. used in phishing attempts.

> normal folks cannot distinguish a self signed certificate from a malicious used one

What do you mean with "normal folks"? Nobody can possibly distinguish this, since an attacker would also just use a self-signed certificate.

You're right, of course. Did they change the certificate?

https://www.sslshopper.com/ssl-checker.html#hostname=apple.c...

https://www.sslshopper.com/ssl-checker.html#hostname=www.app...